[RADIATOR] Tacacs Authentication to survive reloads ?
James
jtp at nc.rr.com
Mon Apr 16 07:58:06 CDT 2012
Sorry for not chiming in earlier...I'm also dealing with the same
problem -- TACACS+ reload results in dozens of network device
authentications getting lost. I suppose this becomes problematic when
you have a network of my size (2500+ devices).
Would it be possible to reinstate functionality that would allow the
TACACS+ server to survive a reload? That would be very, very helpful!
-james
On Mon, Apr 16, 2012 at 07:28, Patrik Forsberg
<patrik.forsberg at ip-only.se> wrote:
>> > Did another downgrade to 4.6 this time and here the issue seem to be
>> gone..
>> > I can reload/restart and the commands gets authorized as they should..
>>
>> With version 4.7 + patches you tried, the patches may have included
>> AuthorizeGroupAttr so that's why it did not work. It was between 4.7 and
>> 4.8 when this became available.
>
> I see.. I'll try 4.7 without patches..
>
>> > Another issue that seem to be gone with 4.6 is that the first request to a
>> Radiator 4.9 tacacs server fail, second and onwards works as they should.
>>
>> There are a number of changes between 4.6 and 4.8/4.9 and one of them
>> may have fixed the problem you are seeing.
>
> Actually the issue arise in 4.9 at least, this specific issue is so small that I didn't try it on 4.8 and 4.7..
>
>> Is there anything else you do not like in current apart from
>> authorization info (context) not being saved across reloads?
>
> No the only real issue I see is that authentications doesn't survive a reload.. secondary is the first request failing other than that I think it all works as I expect it :)
>
> //Patrik
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
More information about the radiator
mailing list